APT Ransomware

You are in big trouble if the devious APT Ransomware slithers into your operating system, because this infection encrypts your personal files (the “.dll” extension is appended to their names). The worst part is that this threat appears to have been created by cyber criminals who are not even able to release your files. According to the research conducted in our internal lab, the ransomware has no way to decrypt what it has encrypted, which means that once this threat is in, your files are gone. The ransomware does not delete the files; it encrypts their contents with the AES-256 algorithm, which makes them unreadable without the key. We have found how this threat is proliferated, and we know how it works. If you want to learn more about that, continue reading this report. Also keep reading if you want to remove APT Ransomware from your operating system, which is crucial.

According to our research, APT Ransomware spreads mainly via spam emails. The launcher of this threat is likely to be disguised as a document file or a picture, and you might be tricked into opening it because of the information in the spam email. In the past, we have seen cyber criminals pretending to represent airlines, postal services, banks, and similar institutions. They are even capable of creating sender addresses that look authentic, which helps them trick users. Unfortunately, once the launcher is opened, the victim might not notice anything suspicious. The content you expect to see when opening the file will not appear, and that is a red flag. Even if you notice that something is not right, it is unlikely that you will be able to stop APT Ransomware: deleting the malicious launcher right away is the only thing that can help, and you are unlikely to figure that out in time.

It was found that APT Ransomware was created using the open source ransomware project known as “HiddenTear.” 8lock8 Ransomware and GhostCrypt Ransomware, infections that we have reported in the past, were both built on the same project. It was also found that APT Ransomware, and possibly other infections that belong to the HiddenTear group, removes Volume Shadow Copies, which reduces your chances of getting your files back. Some users rely on System Restore points or “Previous Versions” to recover data in cases like this one; however, both depend on Volume Shadow Copies, and the ransomware runs the “vssadmin delete shadows /all” command to delete them. All of this should leave the user with no other choice but to pay the ransom, but, as our researchers have found, the ransomware never sends the encryption key to its C&C servers, so not even the criminals can decrypt the files. Unfortunately, regular users have no way of knowing this unless they research the ransomware first.
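The two behaviours described above, shadow-copy deletion and the “.dll” extension stacked on top of a document’s real extension, are things a defender can look for in process-creation telemetry and on disk. The following is an added example written for this report, not code from the original page or from the HiddenTear project: it parses a few constructed, Sysmon-style process-creation records (the pipe-delimited field layout is an assumption, not a real Sysmon export format), flags command lines that delete Volume Shadow Copies, and flags file names that carry a stacked “.dll” extension. It goes slightly beyond the page by also matching the WMIC form of shadow-copy deletion, since any detection for the vssadmin command should cover that equivalent as well.

```python
"""Detection helpers for the APT Ransomware behaviours described above.

Added example, not code from the original page or from HiddenTear.
- Log lines are constructed and use an assumed "time|image|cmdline|user"
  layout; adapt parse_sysmon_line() to your real export format.
- The WMIC pattern is an addition beyond the page: it is the equivalent of
  "vssadmin delete shadows /all" and belongs in the same detection.
"""
import re
from typing import Dict, Iterable, List

# Command lines that wipe Volume Shadow Copies (System Restore / Previous Versions).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b.*?/all", re.IGNORECASE),
    re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.IGNORECASE),
]

# Extensions the ransomware is likely to find in user folders. A real ".dll"
# (e.g. kernel32.dll) has no second extension and is therefore not flagged.
DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                  ".pdf", ".txt", ".jpg", ".png"}
STACKED_DLL_RE = re.compile(r"(\.[a-z0-9]{2,5})\.dll$", re.IGNORECASE)


def parse_sysmon_line(line: str) -> Dict[str, str]:
    """Parse one constructed "time|image|cmdline|user" record into a dict."""
    fields = line.rstrip("\n").split("|")
    if len(fields) != 4:
        raise ValueError(f"unexpected record layout: {line!r}")
    time, image, cmdline, user = fields
    return {"time": time, "image": image, "cmdline": cmdline, "user": user}


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True if the command line deletes Volume Shadow Copies."""
    return any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS)


def is_stacked_dll_name(path: str) -> bool:
    """True if the name looks like <document>.<docext>.dll, as this family writes."""
    m = STACKED_DLL_RE.search(path)
    return bool(m) and m.group(1).lower() in DOC_EXTENSIONS


def find_shadow_deletions(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the parsed records whose command line deletes shadow copies."""
    return [rec for rec in map(parse_sysmon_line, lines)
            if is_shadow_copy_deletion(rec["cmdline"])]


def find_encrypted_names(paths: Iterable[str]) -> List[str]:
    """Return the paths that carry the stacked ".dll" extension."""
    return [p for p in paths if is_stacked_dll_name(p)]


# Constructed sample telemetry (not real logs); the first and third records
# should fire, "vssadmin list shadows" and the backup tool should not.
SAMPLE_LOG = [
    r"2016-06-03T10:12:01|C:\Windows\System32\vssadmin.exe|vssadmin delete shadows /all /quiet|LAB\victim",
    r"2016-06-03T10:12:05|C:\Windows\System32\vssadmin.exe|vssadmin list shadows|LAB\victim",
    r"2016-06-03T10:13:10|C:\Windows\System32\wbem\WMIC.exe|wmic shadowcopy delete|LAB\victim",
    r"2016-06-03T10:14:00|C:\Program Files\Backup\backup.exe|backup.exe --snapshot|LAB\admin",
]

# Constructed file names: two encrypted documents, one genuine DLL, one
# untouched document, and a library whose stacked extension is not a document type.
SAMPLE_PATHS = [
    r"C:\Users\victim\Documents\report.docx.dll",
    r"C:\Users\victim\Pictures\holiday.jpg.dll",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Users\victim\Documents\notes.txt",
    r"C:\Program Files\App\Lib.Net.dll",
]

if __name__ == "__main__":
    for rec in find_shadow_deletions(SAMPLE_LOG):
        print(f"[shadow copy deletion] {rec['time']} {rec['user']}: {rec['cmdline']}")
    for path in find_encrypted_names(SAMPLE_PATHS):
        print(f"[possible encrypted file] {path}")
```

The allow-list of document extensions is what keeps the second check quiet on ordinary systems: every legitimate library on the machine ends in “.dll”, but almost none ends in “.docx.dll”. The shadow-copy check is the higher-value alert of the two, because it fires before the bulk of the damage and, as the report notes, the behaviour is shared across the HiddenTear family rather than being specific to this variant.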

The DECRYPT_YOUR_FILES.HTML file is created by APT Ransomware to deliver the demands. According to these demands, you need to pay a ransom of 1 BTC (~630 USD) within five days and confirm the transaction by sending your Bitcoin wallet ID and your unique ID to the provided Bitmessage address, 2cX4MWcTFbmKgPQX1irMiDsU84dXB6LFBv. The cyber criminals threaten to delete all files if the payment is not made within five days, but, as you now know, there is no point in paying the ransom: the attackers have no key to sell you. Although your files will not be removed, they will remain unreadable. Hopefully, you have them backed up; otherwise, there really isn’t much you can do, and you might have to resign yourself to losing them.

You can remove APT Ransomware manually, or you can install an automated malware detection and removal tool. If you are not ready or experienced enough to inspect your own operating system, clean it of threats, and protect it against further malware, it is a good idea to install anti-malware software as soon as possible. If you think you can handle everything yourself, which is a challenge even for highly experienced users, you might choose to follow the manual removal guide displayed below. The biggest struggle you might face is identifying the malicious ransomware launcher, as well as any other active threats. If you are unable to do that yourself, install a legitimate and up-to-date malware scanner.